Cisco NX-OS CLI Command resource consumption

Summaryinfo

A vulnerability, which was classified as problematic, has been found in Cisco NX-OS. This vulnerability affects unknown code of the component CLI Command Handler. The manipulation leads to resource consumption. This vulnerability is documented as CVE-2018-0309. The attack can be initiated remotely. There is not any exploit available.

Detailsinfo

A vulnerability was found in Cisco NX-OS (Router Operating System) (affected version unknown). It has been rated as problematic. This issue affects an unknown functionality of the component CLI Command Handler. The manipulation with an unknown input leads to a resource consumption vulnerability. Using CWE to declare the problem leads to CWE-400. The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Impacted is availability. The summary by CVE is:

A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136.

The bug was discovered 06/20/2018. The weakness was released 06/21/2018 as cisco-sa-20180620-n3k-n9k-clis / CSCvf23136 as confirmed advisory (Website). It is possible to read the advisory at tools.cisco.com. The identification of this vulnerability is CVE-2018-0309 since 11/27/2017. The attack may be initiated remotely. The successful exploitation needs a simple authentication. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 03/28/2023). The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316296 (Cisco Nexus 3000 and 9000 Series CLI and Simple Network Management Protocol Polling Denial of Service Vulnerability(cisco-sa-20180620-n3k-n9k-clisnmp)).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entries connected to this vulnerability are available at VDB-119775, VDB-119774, VDB-119770 and VDB-119768. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• NX-OS

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion